Privacy Statement

How Blueadder Accountancy Software collects, uses and protects personal information.

We believe that information about your business and finances should be handled carefully, transparently and securely. This statement explains what information we process, why we process it and the rights available to you.

Last updated: 10 July 2026

We do not sell your data

We do not sell or rent personal information to advertisers, data brokers or other third parties.

You remain in control

You have rights over your personal information, including rights of access, correction, restriction and, where applicable, deletion or portability.

Security by design

We use technical and organisational safeguards designed to protect information against unauthorised access, loss or misuse.

1. Introduction

Blueadder Accountancy Software ("Blueadder", "we", "us" or "our") respects your privacy and is committed to handling personal information responsibly.

This Privacy Statement explains how we collect, use, store, disclose and protect personal information when you visit our website, create an account, use the Blueadder platform, contact us or otherwise interact with our services.

This statement is intended to reflect the requirements of the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018 and, where applicable, the Privacy and Electronic Communications Regulations 2003 ("PECR").

2. Who We Are

Blueadder Accountancy Software provides cloud-based accountancy, bookkeeping, tax compliance and related business-management software for sole traders, landlords, contractors, small businesses, accountants and bookkeepers.

For personal information collected for our own business purposes, such as account registration, billing, security, enquiries and customer support, Blueadder Accountancy Software acts as the data controller.

Where a business, accountant or bookkeeper enters or uploads personal information about employees, customers, suppliers, subcontractors, tenants or other individuals, that customer will generally be the data controller and Blueadder will generally act as a data processor on its behalf.

Questions about the use of personal information within a particular customer's records should normally be directed to that customer in the first instance.

3. Information We Collect

The information we collect depends on how you use Blueadder. It may include the following categories:

  • Identity data: names, usernames, titles, dates of birth and similar identifiers.
  • Contact data: postal addresses, email addresses and telephone numbers.
  • Business data: business names, trading details, company or tax references, business addresses and information about business activities.
  • Account and authentication data: usernames, securely protected passwords, authentication settings, permissions and multi-factor authentication information.
  • Subscription and payment data: plan information, billing address, payment status, invoices and payment references. Full payment-card details may be collected directly by our payment provider rather than stored by Blueadder.
  • Accounting and transaction data: invoices, purchases, expenses, payments, bank transactions, payroll-related records, VAT information, CIS information, nominal-ledger records and financial reports.
  • Tax information: taxpayer references, tax calculations, income information, allowances, deductions, liabilities, filing records and information required for authorised HMRC interactions.
  • Banking information: bank-account identifiers, balances and transaction information obtained where a user chooses to connect an account through an authorised Open Banking service.
  • Uploaded content: invoices, receipts, photographs, documents, correspondence and other files uploaded to the platform.
  • Support and communication data: enquiries, support requests, feedback and other communications with us.
  • Technical and usage data: IP addresses, browser type, device information, operating system, login activity, session information, error records and activity logs.
  • Security and audit data: access records, authentication events, changes made within the software and other information needed to maintain security and audit trails.
  • Marketing preferences: information about whether and how you have agreed to receive promotional communications.

4. How We Obtain Information

We may obtain personal information:

  • Directly from you when you register or contact us.
  • When you enter information or upload documents to the platform.
  • From an accountant, bookkeeper, employer, business customer or other authorised user.
  • From HMRC where you have authorised the relevant connection or request.
  • From banks and authorised Open Banking providers where you have authorised an account connection.
  • From payment, identity-verification, fraud-prevention or other service providers.
  • Automatically through security logs, cookies and similar technologies when you use our website or platform.

5. How We Use Personal Information

We may use personal information to:

  • Create and administer user accounts.
  • Provide bookkeeping, accounting, reporting and tax-related software functions.
  • Record transactions and maintain accounting records and audit trails.
  • Prepare, display and, where authorised, transmit information to HMRC.
  • Retrieve and process authorised Open Banking information.
  • Process subscriptions, payments, invoices, renewals and cancellations.
  • Provide onboarding, customer support and technical assistance.
  • Authenticate users and control access to accounts and client workspaces.
  • Prevent, detect and investigate fraud, misuse, security incidents and unauthorised access.
  • Maintain, test, troubleshoot and improve the platform.
  • Send operational messages about accounts, subscriptions, security, service availability and changes to our services.
  • Send marketing communications where permitted by law and in accordance with your preferences.
  • Meet legal, regulatory, accounting and tax obligations.
  • Establish, exercise or defend legal claims.

6. Our Lawful Bases for Processing

We will only process personal information where we have a lawful basis. Depending on the circumstances, we may rely on:

  • Performance of a contract: where processing is necessary to provide services you have requested or to take steps before entering into a contract.
  • Legal obligation: where processing is necessary to meet an obligation imposed by law.
  • Legitimate interests: where processing is reasonably necessary to operate, secure, support and improve our business and services, provided those interests are not overridden by your rights and freedoms.
  • Consent: where you have given clear consent for a particular purpose, such as certain marketing communications or non-essential cookies.
  • Legal claims: where processing is necessary to establish, exercise or defend legal rights.

7. Sensitive and Special Category Information

Blueadder is not designed to require sensitive personal information unless it is relevant to an accounting, employment, tax or legal record.

Financial records and uploaded documents may occasionally contain special category information, such as information about health, religious donations or trade-union payments. Customers should only enter or upload such information where it is necessary and lawful to do so.

Where Blueadder processes this information on behalf of a customer, the customer is responsible for identifying an appropriate lawful basis and any additional condition required by data-protection law.

8. HMRC Services

Where you choose to connect Blueadder to HMRC, you will be asked to authenticate with HMRC and authorise the relevant access.

We may process tax identifiers, obligations, calculations, submissions, liabilities and related information needed to provide the requested service.

Blueadder will only submit information to HMRC when instructed or authorised through the applicable workflow. HMRC's own handling of personal information is governed by its privacy information and applicable law.

9. Open Banking

Where you choose to connect a bank account, the connection will be made through an authorised Open Banking provider.

Blueadder may receive account identifiers, balances, transaction descriptions, payment dates, amounts and related banking information made available through that connection.

We do not ask you to provide your online-banking password to Blueadder. Authentication is completed through your bank or the relevant authorised provider.

You may withdraw or allow your Open Banking authorisation to expire. Information already imported into your accounting records may need to be retained for contractual, accounting, audit or legal purposes.

10. When We Share Personal Information

We may share personal information where necessary with:

  • Hosting, infrastructure, backup and technology providers.
  • Payment processors and subscription-management providers.
  • Email, communications and customer-support providers.
  • HMRC where you have requested or authorised an interaction.
  • Banks and authorised Open Banking providers where you request a banking connection.
  • Accountants, bookkeepers, employees or advisers whom you authorise to access your workspace.
  • Identity-verification, security, fraud-prevention and professional-advisory providers.
  • Courts, regulators, law-enforcement bodies or other authorities where disclosure is required or permitted by law.
  • A purchaser, successor or adviser involved in a proposed sale, restructuring or transfer of all or part of our business, subject to appropriate confidentiality protections.

Service providers that process information on our behalf are expected to use it only for the agreed purposes and to apply appropriate security and confidentiality measures.

11. Information Security

We use technical and organisational measures designed to protect personal information against accidental or unlawful destruction, loss, alteration, disclosure, misuse or unauthorised access.

These measures may include:

  • Encrypted communications.
  • Authentication and access controls.
  • Multi-factor authentication where applicable.
  • Separation of customer workspaces.
  • Security logging and audit trails.
  • Backup and recovery procedures.
  • Software maintenance and security updates.
  • Restricted administrative access.

No internet-based service can guarantee absolute security. Users are responsible for protecting their passwords, authentication devices and account-access details and for notifying us promptly of suspected unauthorised access.

12. Data Retention

We retain personal information only for as long as reasonably necessary for the purpose for which it was collected, including contractual, operational, security, accounting, tax and legal requirements.

Retention periods depend on the type of information and the reason it is held. For example:

  • Account information is normally retained while an account remains active and for an appropriate period after closure.
  • Financial, contractual and billing records may be retained for the period required by applicable tax, accounting and limitation rules.
  • Security and audit logs may be retained for a period appropriate to detecting misuse, investigating incidents and maintaining system integrity.
  • Customer accounting records are retained in accordance with the subscription agreement, customer instructions and applicable legal requirements.
  • Backups may retain information for a limited period after it has been removed from the live platform.

When information is no longer required, we will delete, anonymise or securely dispose of it, subject to any continuing legal or regulatory obligation.

13. International Data Transfers

Some of our service providers may process information outside the United Kingdom.

Where personal information is subject to a restricted international transfer, we will use a legally recognised transfer mechanism where required. This may include UK adequacy regulations, an approved international data transfer agreement, the UK Addendum to approved standard contractual clauses, or another lawful safeguard.

14. Cookies and Similar Technologies

Blueadder may use cookies and similar technologies to operate the website and platform, maintain sessions, remember settings, protect accounts, understand service performance and improve the user experience.

Some cookies are strictly necessary for the website or platform to function. Where consent is legally required for non-essential cookies, we will request consent before using them.

Further information about the cookies in use, their purposes and available controls should be provided in our Cookie Notice or cookie-preference tool.

15. Marketing Communications

We may send service communications that are necessary to administer your account, such as security alerts, subscription notices and information about material service changes.

Promotional communications will only be sent where permitted by law. You may opt out of marketing at any time by using the unsubscribe method provided in the message or by contacting us. Opting out of marketing will not prevent necessary account or service communications.

16. Automated Processing and Decision-Making

Blueadder uses automation to perform accounting calculations, categorise workflow information, generate records, identify inconsistencies and support compliance processes.

We do not currently use personal information to make solely automated decisions that produce legal or similarly significant effects on individuals. We will update this statement and provide any additional protections required by law if this changes.

17. Your Data-Protection Rights

Depending on the circumstances, your rights may include:

  • Right to be informed: the right to clear information about how your personal information is used.
  • Right of access: the right to request a copy of personal information held about you.
  • Right to rectification: the right to ask for inaccurate or incomplete information to be corrected.
  • Right to erasure: the right to request deletion in certain circumstances.
  • Right to restrict processing: the right to ask us to limit processing in certain circumstances.
  • Right to object: the right to object to certain processing, including direct marketing.
  • Right to data portability: the right, where applicable, to receive information you provided in a structured, commonly used and machine-readable format.
  • Rights concerning automated decisions: rights relating to certain decisions made solely through automated processing.
  • Right to withdraw consent: where processing is based on consent, the right to withdraw it at any time without affecting processing already carried out lawfully.

These rights are not absolute and may be limited by legal, regulatory, accounting, tax or other permitted requirements.

We may need to verify your identity before responding to a request. We will normally respond within the period required by data-protection law.

18. Children's Information

Blueadder is a business and professional accounting service and is not directed at children. Users should not create accounts for children or upload children's personal information unless it is necessary, lawful and relevant to a legitimate accounting, employment, tax or legal purpose.

20. Changes to This Privacy Statement

We may update this statement to reflect changes to our services, legal requirements or data-processing practices. The revised statement will be published on this page with an updated revision date. Where a change is material, we may also notify registered users by email or through the platform.

21. Concerns and Complaints

Please contact us first if you have a question or concern about how we use personal information. We will make reasonable efforts to investigate and resolve the matter.

You also have the right to complain to the Information Commissioner's Office, the UK supervisory authority for data protection.

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Telephone: 0303 123 1113

Website: ico.org.uk

22. Contact Us

To exercise a data-protection right or ask a question about this statement, please contact:

Blueadder Accountancy Software

Address: 6/F, 37 Lombard Street, London EC3V 9BQ

Email: info@blueadder.co.uk

ICO registration number: [Insert registration number]

Questions About Your Information?

Please contact Blueadder if you would like more information about how your personal information is handled.

Contact Blueadder